The first Louisville OWASP meeting will coincide with the Kentuckiana ISSA March meeting, on Friday March 6 2009. The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and will offer ISSA members, other security professionals, application developers, and all other interested parties, a free forum to learn and discuss the newest developments in application security. Following March’s meeting, we will meet quarterly on a different day and time. Information on future meetings will follow soon. Please provide feedback to the board.

'''Abstract:''' A brief look at Mozilla's proposed standard for Open Web Apps, how they work and some best practices to follow to ensure yours are secure.

We are very pleased to have another speaker from Mozilla.org at this meeting. The meeting will be conducted via teleconference.

Mark Goodwin works on application security for Mozilla, creators of the popular Firefox web browser. At work, Mark works with web applications and browser security. At home, he plays with the security too; web, phone apps, consumer electronics of all sorts. He also likes to make robots, and tweeting doorbells. Mark has previously worked on Internet banking, e-commerce, embedded systems and logistics software.

Please join us if you can. The meeting is free as always. Water and soft drinks are provided at no cost. Feel free to bring a lunch if you like.

We hope to see you there!

==Past Events==

'''Please note: videos of our meetings are below in the presentations sections. We will try to take video of each meeting based on the speaker's permission. Demos may be omitted.'''

{|class="collapsible collapsed wikitable"
|-
! Past Events
|-
|

'''May 14th, 2013 from 06:30-07:30PM'''

'''Where:''' LVL1 814 E Broadway Louisville, KY 40204

'''Topic:''' Blind SQL injection with sqlmap

'''Presenter:''' Conrad Reynolds

The next meeting will be held at LVL1. If you are not familiar with it, LVL1 is a "hacker space" (or "maker space" if you prefer) where people get together to work on interesting projects.

Conrad Reynolds is a very talented web application pen tester and excellent presenter whom we are excited to have speaking. In addition to learning about blind SQL injection, stick around if you are so inclined to attend the LVL1 weekly meeting to see what they are all about. There are a lot of interesting projects going on at LVL1 to check out.

For the OWASP meeting, please plan on arriving between 06:00 - 06:20PM. Conrad's presentation will be from 06:30 - 07:30. If you want to stay for the LVL1 meeting, it starts at 08:00PM, and runs for 30 minutes or so. They also provide a tour of the facility for anyone interested. Some of the LVL1 members also like to cook, and may have dinner available for donations.

This is our first evening timeframe meeting. We want to accommodate as many as possible, and also wanted to partner up with LVL1 to cross-promote. We hope to see you there!

For more information on LVL1, please check out their site at http://lvl1.org

'''Curtis Koenig''' is the current Chapter Leader for the Louisville OWASP chapter, serving the southern Indiana and Greater Louisville Metro area. He is the Sr. Security Program Manager for Mozilla, the open source project behind such products as Firefox and Thunderbird. Curtis has over 10 years in the security field with knowledge in security operations, incident response, security architecture, malware analysis, and security configuration and design. Curtis is a frequent speaker at conferences for Mozilla. In his spare time Curtis likes to hike and camp with his family and volunteers teaching leadership skills for youth and adults.

Topics: With our chapter being newly rebooted, Curtis covered what OWASP is all about to provide some background for new people, as well as what has changed with OWASP since our last meeting.

Curtis also covered a few open source tools like ZAP, Mutillidae, and WebGoat, and how they are used internally at Mozilla.

When you arrive at the University's main building, drive around past the front visitor's doors to the parking area on the right side of the Main Building. Room 254 can be accessed via a back stairway near a break area on the back right-hand side of the building, very easy to spot.

'''Desktop Betrayal: Exploiting Clients through the Features They Demand'''

In this talk, Tom Eston will explore the use of client features to gain privileged access to client systems. During previous talks around social networks, Tom Eston and fellow security researcher Kevin Johnson discovered that most of the damage they could perform against a target didn’t use an exploit against any vulnerable system. Tom and Kevin were able to create various attacks that made use of features being used on client machines. While this talk will not disclose any vulnerabilities within popular client software, Tom will be releasing multiple attacks that use these clients against their users. Tom will be discussing attacks using JavaScript, HTML5, PDF files, Flash, Data URIs, Web Workers and more. Tom will also discuss code to perform these attacks as well as add-ons to popular tools such as BeEF (Browser Exploitation Framework) that will enable these tools to make use of the attacks.

'''Tom Eston''' is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.

Mike comes to us from the Intrepidus group and we are very lucky to have him. He’s a former web application developer turned computer security consultant. Mike is known for his speaking engagements at BlackHat, Defcon, CanSecWest, numerous OWASP events, and a number of other regional events. His research interests include mobile applications and platforms, remote access technologies, fuzzing, and SSL/TLS, but he currently has a sweet spot for automating web application attacks, identity management, and abusing social networks.

Mike specializes in developing deep understandings of complex systems in a short period of time. Breaking software, and then documenting how he broke it. More importantly, he’s a skilled mountain biker, road cyclist, and snowboarder.

'''Please sign up for our mailing list. We will not abuse the list or send many emails, but we’d like to use it to send out our meeting invites and reminders. Thank you so very much for your participation. Your attendance and involvement make our group great and help attract the very best speakers in the industry!'''

|-

|'''Louisville ISACA is having a Mini CEH training course / lab that I think everyone might be interested in. We would like to share this with ISSA and OWASP members for the $700 price.'''

This regional Conference is held at the RiverCentre in St. Paul, MN. on May 11th and 12th. This Conference is in its 5th year and attracts 500+ paid attendees with over 800 in attendance including attendees, speakers, sponsors and exhibitors.

Secure360°™ 2010 is shaping up as another exciting event and we would like your help to make it an outstanding success!

The dates and location are set: '''May 11 & 12, 2010 at the St. Paul River Center.'''

Hundreds of practitioners and managers come to Secure360°™ to hear from people like YOU – experienced professionals with specific expertise and real-world knowledge of information risk issues and mitigation techniques. We encourage you to submit a proposal to present an Educational Session at Secure360°™.

'''Submission of Abstracts'''

If you have some knowledge to share and would like to submit an abstract, or know of someone who might be interested in presenting, please visit our website and access the Call for Presentations.

Submitters will be guided through four submission steps:

Create an Account in our Speakers’ database at http://www.secure360.org/register/speaker

Retrieve your personal password from your email box (Note: Registration emails are normally received within minutes. If you don't receive an email with your registration link within 12 hours, check your junk mail folder. If you still do not see it, contact sessions@secure360.org)

Review your Bio, make any necessary changes, and add your photo (Note: Make sure your photo is high enough quality for both the Website and our printed materials.)

Enter up to five Session Proposals (or view the list of "My Sessions" that you already submitted)

Submit for Review

Notices will be sent out in February

--

''Lorna Alamri

OWASP Connections

skype: lorna.alamri

lorna.alamri@owasp.org''

|-

|The January 2010 OWASP meeting featured a presentation from '''Rafal Los''' of HP.

'''''Speaker: Rafal Los on Flash and Web 2.0 security'''''

'''Rafal Los, Security Specialist with Hewlett-Packard's Application Security Center (ASC), is an industry veteran who has worked in a variety of security positions— from consultant to Information Security Officer in the Fortune 100— within some of the most demanding business environments. Rafal’s unique blend of technical expertise and business knowledge enable him to teach audiences about security techniques, programs and processes that they can both understand strategically, and realistically apply. He has extensive experience in security testing, risk analysis and management, penetration testing and architecture and policy. Previous successes include building and implementing a successful web application security program for one of the largest and most diverse companies in the world.'''

|-

|

The third OWASP meeting featured a presentation from '''Rohyt Belani''' of Intrepidus Group.

'''Along with being the CEO and co-founder of the Intrepidus Group, Rohyt is also Adjunct Professor at Carnegie Mellon University. Prior to starting the Intrepidus Group, Mr. Belani has held the positions of Managing Director at Mandiant, Principal Consultant at Foundstone and Researcher at the US-CERT. He is a contributing author for Osborne’s Hack Notes – Network Security, as well as Addison Wesley’s Extrusion Detection: Security Monitoring for Internal Intrusions. Mr. Belani is a regular speaker at various industry conferences including Black Hat, OWASP, ASIS, SecTOR, Hack in the Box, Infosec World, DallasCon, CPM, ISSA meetings, and several forums catering to the FBI, US Secret Service, and US Military. He has written technical articles and columns for online publications like Securityfocus and SC magazine, and has been interviewed by BBC Radio, Forbes magazine, TechNewsWorld, InformationWeek, Information Today, IndustryWeek, E-Commerce Times, SmartMoney, and Hacker Japan. Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He currently leads the OWASP Java Project, a world-wide consortium of Java security experts.'''

Please see the description from Rohyt on his presentation on the 18th.

'''''Site takedown services, anti-phishing filters, and millions of dollars worth of protective technologies…..and the spear phishers are still successful! This presentation will discuss why this is the case. Today, phishing is a key component in a “hackers” repertoire. Phishers are combining social engineering with application security flaws in well known websites to make automated detection of targeted phishing attacks almost impossible. The result - hijacked online brokerage accounts, stolen identities and e-bank robberies. During this talk, I will present the techniques used by attackers to execute such spear phishing attacks, and real-world cases that I have responded to that will provide perspective on the impact. I will then discuss countermeasures that have been proven to be effective and are recommended by reputed bodies like SANS and Carnegie Mellon University.'''''

|-

|The second OWASP meeting featured a presentation from '''Adrian Crenshaw of Irongeek'''. Adrian is a Louisville based security professional who has worked in the IT industry for the last twelve years.

'''Adrian runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He's currently working on an MBA, but is interested in getting a network security/research/teaching job in academia. Please see the description from Adrian on his presentation on the 19th.'''

'''Title:''' '''Mutillidae: Using a deliberately vulnerable set of PHP scripts to illustrate the OWASP Top 10'''

'''''Description: A while back I wanted to start covering more web application pen-testing tools and concepts in some of my videos and live classes. Of course, I needed vulnerable web apps to illustrate common web security problems. I like the WebGoat project, but sometimes it's a little hard to figure out exactly what they want you to do to exploit a given web application, and it's written in J2EE (not a layman friendly language). In an attempt to have something simple to use as a demo in my videos and in class, I started the Mutillidae project. Mutillidae is a deliberately vulnerable set of PHP scripts meant to illustrate the OWASP Top 10. This talk will cover installing Mutillidae in a test environment, and how to use it to illustrate the OWASP Top 10 web vulnerabilities in easy to understand terms.'''''

|-

|March 2009

'''The first Louisville OWASP meeting was launched with the help of the Kentuckiana ISSA Chapter, on Friday March 6 2009. The Louisville OWASP chapter is closely associated with the Kentuckiana ISSA chapter and will offer ISSA members, other security professionals, application developers, and all other interested parties, a free forum to learn and discuss the newest developments in application security. Following March’s meeting, we will meet quarterly on a different day and time. Information on future meetings will follow soon. Please provide feedback to the board.'''

If you plan to attend the meeting please RSVP by email to [mailto:Kristen.Sullivan@ky.gov Kristen Sullivan].

Everyone is welcome to join us at our chapter meetings.

|-

|}

[[Category:OWASP Chapter]]

==Louisville OWASP Chapter Board Members==

Scope of the board is to discuss and approve local activities, meetings and plans. The board meetings will be announced at a later date. The board currently includes the following members:

==About OWASP==

The OWASP Foundation is a 501(c)3 non-profit organization incorporated in the United States of America. OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards. Consult the how OWASP works web page for more information about projects and governance.

'''OWASP Membership'''

OWASP is an open source project dedicated to finding and fighting the causes of insecure software. All of our materials are free and offered under an open source license, so you do not have to become a member to use them or participate in our projects, mailing lists, conferences, meetings or other activities. On the other hand, OWASP relies on membership fees and sponsorship to support its activities. There are also unique benefits to becoming a corporate member, such as the use of OWASP materials within your organization without the restrictions associated with the various open source licenses. OWASP individual members also get discounts to security conferences and other perks. For more information consult the OWASP Membership web page.

== Articles, Links, etc. ==

'''OWASP article with the official SCG release on Darkreading magazine today.'''

==Participation==

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
